When specifying --tls-client --cert ... without a --key (or --pkcs11) option,
OpenVPN should complain: "You must define private key file (--key)...". Ensure
that this works even when compiling with MANAGMENT_EXTERNAL_KEY.

Also fix the other instance where this logic is broken

Orginal-Patch-by: Found by Joachim Schipper <joachim.schip...@fox-it.com>
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/options.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 5f19c27..a8843ed 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2274,7 +2274,7 @@ options_postprocess_verify_ce (const struct options 
*options, const struct conne
            {
              notnull (options->cert_file, "certificate file (--cert) or 
PKCS#12 file (--pkcs12)");
 #ifdef MANAGMENT_EXTERNAL_KEY
-          if (!options->management_flags & MF_EXTERNAL_KEY)
+          if (!(options->management_flags & MF_EXTERNAL_KEY))
 #endif
              notnull (options->priv_key_file, "private key file (--key) or 
PKCS#12 file (--pkcs12)");
            }
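Review bot: The corrected test is still an unbraced `if` that exists only when MANAGMENT_EXTERNAL_KEY is defined, so it governs whatever statement follows `#endif`; the same construct recurs in the options_postprocess_filechecks hunk. A later edit that puts a line between `#endif` and the `notnull (options->priv_key_file, ...)` call would silently change when the private-key requirement is enforced. I would add a comment above the `#ifdef` in both places, e.g. `/* key is provided through the management interface, so --key is not required; the if below guards exactly the next statement */`. The macro is spelled MANAGMENT_EXTERNAL_KEY here, so it is worth confirming the build defines exactly that spelling, since a mismatch would compile the guard out without a warning. The enclosing function starts and ends outside the hunk.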
@@ -2666,7 +2666,7 @@ options_postprocess_filechecks (struct options *options)
   errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, 
options->extra_certs_file, R_OK,
                              "--extra-certs");
 #ifdef MANAGMENT_EXTERNAL_KEY
-  if(!options->management_flags & MF_EXTERNAL_KEY)
+  if(!(options->management_flags & MF_EXTERNAL_KEY))
 #endif
      errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, 
options->priv_key_file, R_OK,
                              "--key");
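Review bot: With the precedence fixed, the `--key` access check is skipped whenever MF_EXTERNAL_KEY is set, including when `options->priv_key_file` was also supplied. A configuration that gives both then gets no diagnostic from this function about a key file that is presumably never used. Whether that combination is rejected elsewhere is not visible in this hunk. If it is not, state the intent next to the guard, e.g. `/* external key in use: a --key file, if given, is deliberately not checked here */`, or reject the combination during option verification. Separately, `if(` lacks the space used by `if (` in the first hunk.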
-- 
1.7.9.5

